App Review Comodo Firewall 10 vs Ransomware

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
cruelsister

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
Part 4 of the Ransomware series. (and my last one for a while). Note that the ransom screens that popped up on occasion were the extent of what the ransomware could do (nothing at all encrypted); but if you didn't even want the ransom screens, just up the sandbox level to Untrusted.

Music: Lisa Gerrard- Elegy

 
  • Like
Reactions: done, kyokodash, TheMalwareMaster and 36 others
C

ctrlz

Level 2
Verified
Mar 20, 2017
54
My settings are different, but I'm quite confident the result would be similar:
- I don't auto-block firewall requests: anyway the downloaded file would be sandboxed
- I have HIPS enabled: in Safe Mode it doesn't generate many popups
- I don't suppress privilege elevation alerts by default: this could be the only problem, just in case I manually choose to run outside the sandbox

Thanks for the test @cruelsister
 
  • Like
Reactions: kyokodash, TheMalwareMaster, codswollip and 2 others
lab34

lab34

Level 6
Verified
Well-known
Mar 28, 2017
263
Hello,
as always a very informative test.

Today, with this video, I realized something : the notifications are mastered by Windows on Win 10. Not exactly the same menu on the general options.
Every time I saw your videos, I thought "she have a different version of CFW" but now I understand that your videos are on Win7 :oops:

(sorry for the noob remark)

Win10:
Capture.JPG


Win7:
Capture.JPG
 
  • Like
Reactions: Parsh, kyokodash, TheMalwareMaster and 7 others
cruelsister

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
Kaspersky properly set is excellent. The only main deficiency I had found was in Boot Time protection, soon fixed.

Lab- the reason I use Win7 in my videos is that it still has about a 50% market share. Personally I use W10 and love it (with StartIsBack++).
 
  • Like
Reactions: Andytay70, Parsh, kyokodash and 8 others
A

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
Tiny said:
@cruelsister I assume you set "Do not show privilege alerts: Run inside container" for demonstration purposes at 00:00:53 in the video? It can be interchangeable with the "Block" option I believe?
Click to expand...
Either option will achieve the same result in the end.
If you had it set to block the ransomware's initial execution would be completely blocked due to it requesting privilege elevation from the get-go and because it's unrecognised by Comodo. Even if it didn't initially request privilege elevation it would be sandboxed until it requested said privilege elevation and then subsequently terminated by Comodo.
With it set to run inside container you'd get a notification that the ransomware had been sandboxed and it would just sit inside the sandbox unable to do anything of note. The ransomware would eventually self-terminate or be terminated when you either clear the sandbox or restart your PC.

Edit: I reworded it so it was easier to understand.

Sorry for hijacking your question @cruelsister. :oops: You'll probably be able to explain it better than I have.
 
Last edited:
  • Like
Reactions: kyokodash, TheMalwareMaster and Tiny
cruelsister

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
No issues! The only reason that I had that option checked is that it will suppress popups for unknown and unsigned applications from giving the user a choice to give that application privilege escalation. For those that have UAC enabled, this would just be duplication. For those with UAC disabled, a rule of thumb should be to NEVER EVER allow PE for an unknown. Checking this box just will remove that popup option, but otherwise will not really add anything to protection.
 
  • Like
Reactions: Parsh, kyokodash, TheMalwareMaster and 1 other person
cruelsister

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
AV Gurus- Yeah, send me a link. I'm on the road now for quite a while but I'll check it when I can. By the way, would the file happen to be signed?
 
Av Gurus

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
  • Like
Reactions: harlan4096

Similar threads

NB InfoTech
    • Like
App Review Want to try? | Comodo Antivirus Test & Review | Comodo Internet Security vs Ransomware | 2024
Replies
4
Views
408
Video Reviews - Security and Privacy
bazang
bazang
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Microsoft Defender Antivirus + Windows 11 Smart App Control (SAC)
Replies
44
Views
3,332
Video Reviews - Security and Privacy
tofargone
tofargone
rashmi
    • HaHa
    • Like
    • Applause
  • Locked
App Review COMODO Firewall 2025: Protector Diva for countless users, object of obsession for a few!
Replies
64
Views
4,025
Written Reviews - Security and Privacy
Chuck57
Chuck57

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top